CISCO-0655

This application is submitted in the name of inventors Shujin Zhang, Xi Xu, Maria
Dos Santos, Jane Jin, Jie Chu, and Shuxian Lou, assignors to Cisco Technology,
Inc., a California Corporation.
SPECIFICATION
PER USER AND NETWORK ROUTING TABLES 


BACKGROUND OF THE INVENTION 

1. Field Of The Invention

The present invention relates to the field of computer networks. More particularly,
the present invention relates to a per user routing table indexed by an IP address and a
network routing table to more efficiently route packets in systems where a user may
connect to multiple networks.

2. The Background 

The Transmission Control Protocol/Internet Protocol (TCP/IP) is a common
networking protocol which has become even more popular during the rise of the Internet.
Sending or receiving information using the TCP/IP protocol requires encapsulating
information into packets. Each packet includes a header and a payload. The header
contains information related to the handling of the payload by a receiving host or routing
device, while the payload contains part or all of the user information. The information in
the header includes the sender's and the recipient's addresses and is used to route the
packet through the Internet until the packet is received by a host having an IP address that
matches the packet's destination address (when referring to the source address and
destination address of a packet, the source address and destination address are commonly
referred to as "SA" and "DA", respectively). This enables users to accurately send and
receive information to and from each other through their respective host computers.

In recent years, "intranets" have been rising in popularity, especially with large
companies. An intranet is an internal network that serves only a specific type of person
(such as employees of a corporation, or students at a school). The intranet is usually not
accessible to the general public. Intranets have become popular mainly because they
allow for much more productive communication between users within the network, even
when the users are dispersed over a wide geographic area (such as in multi-national
corporations).

FIG. 1 is a block diagram depicting one way to connect to an intranet. Personal
computer 10 connects through a link 12, generally a Point-to-Point Protocol (PPP) link,
to an Internet service provider (ISP) or access point (AP) 14. The ISP or AP 14 then
connects through link 16 to the Intranet 18.

Recently, it has become possible to have simultaneous connection to multiple
networks from a single link. The ISP may utilize a gateway to interface the user and the
multiple networks. A gateway is a device which performs protocol conversion between
different types of networks or applications. The term gateway is not meant to be limited
to a single type of device, as any device, hardware or software, that may act as a bridge
between the user and the networks may be considered a gateway for purposes of this
application. FIG. 2 is a diagram illustrating the use of a gateway to couple multiple
networks. Computer 80 connects to gateway 82 through a modem 84, while computers
86a and 86b couple to a router 88, then through modem 90 to gateway 82. Gateway 82
may then interface computers 80, 86a, and 86b to multiple networks. These may include
a first corporate intranet 92, a second corporate intranet 94, and the Internet 96.

A problem occurs at the gateway level, however, in determining to which network
to route a packet sent by the user. This is further complicated by the fact that most
gateways support multiple simultaneous users, each potentially having access to different
multiple simultaneous networks.

What is needed is a solution which effectively manages the routing chores of a 
gateway in a system with users capable of simultaneous connection to multiple networks. 

An additional routing problem is encountered when the decision to which network
to route the packet is made and the packet is actually forwarded to that network. Due to
the geographic distances between (or within) most ISPs, traffic is generally passed to
networks through the use of "hops". In order to get a packet to its destination, an ISP
passes the packet to a first hop. Each hop is generally a gateway or router which passes
the packet along to the next hop, until it eventually reaches its destination. FIG. 3 is a
diagram illustrating the use of hops in a system in which a user is simultaneously
connected to two networks. User 100 transmits a packet to gateway 102 which it intends
to send to first network 104. Gateway 102 receives the packet and determines that it
must be forwarded to the first network. Since there is no direct connection between the
gateway 102 and the first network 104, it must pass it to a first hop 106, which then must
examine the packet and determine that it should be passed along again (rather than sent to
the local area network attached to first hop 106), so it passes it to second hop 108. This
process continues until the packet reaches a hop 110 attached to first network 104.

One problem with using hops to examine and forward packets is that sometimes it
may be necessary to route the packet through a particular ISP. For example, a user may
sign up for service from a particular ISP. The ISP may offer varying levels of service,
including faster network communications for its higher paying users. This is only one
example of a reason to require that a packet be forwarded to a particular ISP. One of
ordinary skill in the art will recognize that there may be other reasons why a gateway
would need to forward a packet to a particular ISP. Whatever the reason, rather than
simply forwarding packets to the Internet, it becomes necessary to guarantee that the
packets travel through the particular ISP before being routed to the Internet.

What is further needed is a solution which allows a gateway to transmit packets 
through hops in a way that guarantees that the packets are routed through a particular ISP 
or network. 

SUMMARY OF THE INVENTION

A gateway is provided which routes a packet sent from a user to a connected
network utilizing a per user routing table. This is accomplished by extracting a source
address from the packet; finding a per-user routing table corresponding to said source
address, said per-user routing table containing entries corresponding to one or more
currently accessible networks for the user and the range of network addresses
corresponding to said currently accessible networks; extracting a destination address from
the packet; seeking an entry in said matching per-user routing table with a range of
network addresses containing said destination address; routing the packet to a matching
network if said destination address is contained within one of said ranges of network
addresses for said currently accessible networks; and routing the packet to a default
network if said destination address is not contained within one of said ranges of network
addresses for said currently accessible networks. This allows different users to have
access to a different set of networks and allows a user to select the network he wishes to
access. The gateway may also guarantee that packets are routed through a particular
destination ISP or network by looking up said destination ISP or network in a table, each
entry in said table having a router network address corresponding to each network
currently accessible; establishing a tunneling session to said matching router network
address; and forwarding the packet to said router network address through said tunneling
session.



BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a block diagram illustrating the typical connection to an intranet.

FIG. 2 is a diagram illustrating the use of a gateway to couple multiple networks.

FIG. 3 is a diagram illustrating the use of hops in a system in which the user is
simultaneously connected to two networks.

FIG. 4 is a flow diagram illustrating a method for routing a packet sent from a user
in a system in which the user may be connected to multiple networks simultaneously in
accordance with a presently preferred embodiment of the present invention.

FIG. 5 is a diagram illustrating a packet in accordance with the IP protocol.

FIG. 6 is a diagram illustrating a per-user routing table in accordance with a
presently preferred embodiment of the present invention.

FIG. 7 is a block diagram illustrating a gateway for routing a packet sent from a
user in a system in which the user may be connected to multiple networks simultaneously
in accordance with a presently preferred embodiment of the present invention.

FIG. 8 is a block diagram illustrating a gateway for routing a packet sent from a
user in a system in which the user may be connected to multiple networks simultaneously
in accordance with an alternative embodiment of the present invention.

FIG. 9 is a flow diagram illustrating a method for routing a packet sent from the
user in a system in which the user may be connected to multiple networks simultaneously
in accordance with an alternative embodiment of the present invention.

FIG. 10 is a diagram illustrating a table for use with the embodiment of FIG. 9 in
accordance with an alternative embodiment of the present invention.

FIG. 11 is a block diagram illustrating a gateway for routing a packet sent from the
user in a system in which the user may be connected to multiple networks simultaneously
in accordance with an alternative embodiment of the present invention.

DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT

Those of ordinary skill in the art will realize that the following description of the
present invention is illustrative only and not in any way limiting. Other embodiments of
the invention will readily suggest themselves to such skilled persons.

In accordance with a presently preferred embodiment of the present invention, the
components, process steps, and/or data structures are implemented using a gateway
device. Different implementations may be used and may include other types of operating
systems, computing platforms, computer programs, and/or general purpose machines. In
addition, those of ordinary skill in the art will readily recognize that devices of a less
general purpose nature, such as hardwired devices, devices relying on FPGA or ASIC
technology, or the like, may also be used without departing from the scope and spirit of
the inventive concepts disclosed herein.

FIG. 4 is a flow diagram illustrating a method for routing a packet sent from a user
in a system in which the user may be connected to multiple networks simultaneously in
accordance with a presently preferred embodiment of the present invention. At 150, a
source address is extracted from the packet. FIG. 5 is a diagram illustrating a packet in
accordance with the IP protocol. Packet 200 contains a source address 202, indicating the
source IP address of the packet, and a destination address 204, indicating the destination
IP address of the packet. Other protocols contain similar fields. Therefore, at 150 of
FIG. 4, the source address is extracted from the source address field 202 of FIG. 5.

At 152, the source address is used to find a per-user routing table corresponding to
the user who sent the packet. FIG. 6 is a diagram illustrating a per-user routing table in
accordance with a presently preferred embodiment of the present invention. Each per
user routing table 250 contains a user address 252, indicating the host address of the user
to which the routing table corresponds. Then the per-user routing table contains one or
more entries 254, each entry corresponding to a currently accessible network for the
corresponding user. Each entry 254 may contain a range of addresses 256, indicating the
network addresses which correspond to the corresponding accessible network, and a
network identification 258, which identifies the corresponding accessible network. The
range of addresses 256 will likely be the network addresses for all possible users in each
network. Generally, when a network is first configured, it is assigned a range of
addresses for all of its users. Not all the users may be logged on at any one moment, and
some of the network addresses in the range may never be used, but this range still
provides a way to determine if a packet should be routed to the network. Entries 254 are
continuously updated by the gateway to reflect the currently accessible networks for each
user connected to the gateway. Thus entries may be added, modified, or deleted as
necessary.

At 152 of FIG. 4, the gateway searches through one or more of the per-user 
routing tables (250 of FIG. 6) to find a per-user routing table corresponding to the source 
address. This may be accomplished by comparing the source address to the user address 
field (252 of FIG. 6) of each per-user routing table until a match is found. 


At 154, a destination address (204 of FIG. 5) is extracted from the packet. At 156,
the entries (254 of FIG. 6) of the matching per-user routing table are traversed (or
otherwise searched), looking for a range of network addresses (256 of FIG. 6) containing
the destination address. At 158, if the destination address is contained within one of the
ranges of network addresses for currently accessible networks, the process moves to 160,
where the packet may be routed to a matching network. A matching network may be
determined by examining the network identification (258 of FIG. 6) of the entry (254 of
FIG. 6) with the address range (256 of FIG. 6) containing the destination address.

If, at 158, the destination address was not contained within any of the ranges of
network addresses for currently accessible networks, the packet may be routed to a
default network. The default network may be set up by the user, or by an administrator at
the gateway level. It is also conceivable that the gateway will simply forward the packet
to the largest currently accessible network at this point, because the largest network has
the greatest chance of having a connection to the Internet, and the Internet provides the
best chance for the packet to eventually reach its destination (the size of network may be
measured in terms of the number of nodes that it contains). The gateway may also
simply ignore the packet at this point, rather than sending it to a default network, and
send a message to the user informing him that a packet has an invalid destination address
or that the packet is being ignored.

These methods allow different users to have access to different sets of networks,
and also allow the user some flexibility in choosing which network to access.
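
The method of FIG. 4 (steps 150 through 160, with the default-network and ignore alternatives) can be sketched as follows. This is an added example, not code from the specification; the table contents, network names, addresses, and the choice to ignore packets from a source with no per-user table are assumptions made for illustration.

```python
import ipaddress
import struct

# Constructed sample data: per-user routing tables keyed by user address
# (252 of FIG. 6). Each entry pairs a range of addresses (256) with a network
# identification (258). All addresses and names are illustrative.
PER_USER_TABLES = {
    "192.0.2.10": [("10.1.0.0/16", "intranet-92"), ("10.2.0.0/16", "intranet-94")],
    "192.0.2.11": [("10.2.0.0/16", "intranet-94")],
}
DEFAULT_NETWORK = "internet-96"


def extract_addresses(packet: bytes):
    """Steps 150 and 154: read SA and DA from a raw IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    sa, da = struct.unpack("!4s4s", packet[12:20])
    return ipaddress.IPv4Address(sa), ipaddress.IPv4Address(da)


def route(packet: bytes, default=DEFAULT_NETWORK):
    """Return the network identification the packet is routed to.

    Returns None when the packet is ignored. Passing default=None models the
    FIG. 8 alternative, where an unmatched packet is ignored instead of being
    sent to a default network.
    """
    sa, da = extract_addresses(packet)
    entries = PER_USER_TABLES.get(str(sa))            # step 152
    if entries is None:
        # Assumption: a source address with no per-user table does not belong
        # to a connected user, so the packet is ignored.
        return None
    for addr_range, network_id in entries:            # steps 156 and 158
        if da in ipaddress.ip_network(addr_range):
            return network_id                         # step 160
    return default


def make_packet(src: str, dst: str) -> bytes:
    """Build a minimal 20-byte IPv4 header (constructed test input)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


if __name__ == "__main__":
    # The same destination is routed differently depending on the sender.
    print(route(make_packet("192.0.2.10", "10.1.5.5")))
    print(route(make_packet("192.0.2.11", "10.1.5.5")))
```

Because the table is selected solely by the packet's source address, a gateway built this way has to verify that the source address matches the address assigned to the link the packet arrived on; otherwise one user's packets could be routed with another user's table.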

FIG. 7 is a block diagram illustrating a gateway for routing a packet sent from a
user in a system in which the user may be connected to multiple networks simultaneously
in accordance with a presently preferred embodiment of the present invention. A packet
source address extractor 300 extracts a source address from a packet received from a
user. The packet source address extractor 300 is coupled to a per-user routing table
searcher 302. A per-user routing table searcher 302 is coupled to one or more per-user
routing tables 304 and searches through one or more of the per-user routing tables 304 to
find a per-user routing table corresponding to the source address. This may be
accomplished by comparing the source address to the user address field (252 of FIG. 6)
of each per-user routing table until a match is found.

A packet destination address extractor 306 extracts a destination address from the
packet. A per-user routing table entry seeker 308 is coupled to the packet destination
address extractor 306 and to the per-user routing table searcher 302. The per-user routing
table traverser 308 searches through the entries in the table retrieved by the per-user
routing table searcher 302 until it finds a range of addresses which contains the
destination address extracted by the packet destination address extractor 306. A switch
310 couples the per-user routing table traverser 308 to a matching network router 312 if a
matching network was found by the per-user routing table traverser. The matching
network router 312 routes the packet to the matching network. If no matching network
was found, the switch 310 couples the per-user routing table traverser 308 to a default
network router 314, which routes the packet to a default network. The default network
may be set by a user or administrator or may be set to some other criteria, as in routing
the packet to the largest accessible network. FIG. 8 is an alternative embodiment of the
present invention in which the default network router 314 is replaced by a user interface
316, which sends a message to the user that the packet is being ignored or that the
destination address of the packet is invalid.

FIG. 9 is a flow diagram illustrating a method for routing a packet sent from a user
in a system in which the user may be connected to multiple networks simultaneously. At
350, the destination network of the packet is looked up in a table, each entry in the table
having a router network address corresponding to each network currently accessible.
This is not a per-user routing table, but rather a table containing an updated list (or other
data structure) of the router network addresses of each currently accessible network.
FIG. 10 is a diagram illustrating such a table in accordance with a presently preferred
embodiment of the present invention. Table 400 contains one or more entries 402. Each
entry 402 contains an identification of the network 404, and a router network address for
the corresponding network. The router network address is the precise network address
at which the router for the corresponding network is located. This table may be stored in the
gateway or may be located in a service profile that is retrieved from an external device.
Referring back to FIG. 9, at 350, the table is searched until a matching entry for the
destination network is found.

At 352, the corresponding router network address from the matching entry is used
to establish a tunneling session between the gateway and the matching router network
address. Tunneling allows two hosts on the same type of network to communicate even
though there may be different types of network in between. Tunneling is accomplished
by encapsulating packets sent from a first type of network within packets of a type
compatible with a second type of network for the duration of the packet's journey through
the second type of network. Then, the outer packet is stripped off (and possibly some
demultiplexing takes place) when the packet reaches the first type of network again.
Layer Two Tunneling Protocol (L2TP) is a specific tunneling protocol that acts as an
extension to the PPP protocol to allow ISPs to operate virtual private networks. L2TP or
any other tunneling protocol may be used when establishing the tunneling session.

A tunneling session does not need to be established if one already exists between 
the gateway and the matching router network address. If this is the case, the process may 
simply move to 354 as establishing a second tunneling session to the same destination 
would be redundant. 

At 354, the packet is forwarded to the router network address through the
tunneling session established in 352. This allows the router to guarantee that the packet
is routed to the particular ISP or network listed in the table. The ISP or network listed in
the table corresponding to the destination network address may be a network or ISP that
the users subscribe to, thus necessitating that all traffic directed to the Internet from the
users must pass through the network or ISP. However, there may be other reasons why
one would want to pass certain traffic through a particular ISP or network and the reason
listed above should not be read as limiting.
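
Steps 350 through 354 of FIG. 9, including reuse of an existing tunneling session, can be sketched as follows. This is an added example, not code from the specification: it uses plain IP-in-IP encapsulation (IP protocol number 4) in place of L2TP, models session establishment as a table entry, and the network names, addresses, and the `Gateway` class are assumptions made for illustration.

```python
import ipaddress
import struct

# Constructed sample of the FIG. 10 table: identification of the network (404)
# mapped to its router network address. Names and addresses are illustrative.
ROUTER_TABLE = {"isp-a": "198.51.100.1", "intranet-92": "203.0.113.1"}
GATEWAY_ADDR = "192.0.2.1"   # assumed address of the gateway itself
IPPROTO_IPIP = 4             # IP-in-IP, standing in for L2TP here


def checksum(header: bytes) -> int:
    """IPv4 header checksum: one's-complement sum of the 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


class Gateway:
    def __init__(self):
        self.sessions = {}   # router network address -> session record

    def tunnel_to(self, router_addr: str) -> dict:
        """Step 352: establish a session unless one already exists."""
        if router_addr not in self.sessions:
            self.sessions[router_addr] = {"peer": router_addr, "packets": 0}
        return self.sessions[router_addr]

    def forward(self, destination_network: str, inner: bytes) -> bytes:
        """Steps 350-354: look up the router, tunnel, and encapsulate."""
        router_addr = ROUTER_TABLE.get(destination_network)      # step 350
        if router_addr is None:
            raise KeyError("no table entry for " + destination_network)
        session = self.tunnel_to(router_addr)                    # step 352
        outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0,
                            64, IPPROTO_IPIP, 0,
                            ipaddress.IPv4Address(GATEWAY_ADDR).packed,
                            ipaddress.IPv4Address(router_addr).packed)
        outer = outer[:10] + struct.pack("!H", checksum(outer)) + outer[12:]
        session["packets"] += 1
        return outer + inner                                     # step 354


def decapsulate(packet: bytes) -> bytes:
    """Router side: strip the outer header and return the inner packet."""
    if packet[9] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    return packet[(packet[0] & 0x0F) * 4:]


if __name__ == "__main__":
    gw = Gateway()
    wire = gw.forward("isp-a", b"constructed inner packet")
    print(decapsulate(wire), gw.sessions)
```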



FIG. 11 is a block diagram illustrating a gateway in accordance with this
alternative embodiment of the present invention. Gateway 450 contains a destination
network table entry searcher 452 coupled to a table 454, which looks up the destination
address of the packet in the table 454, each entry in the table having a router network
address corresponding to each network currently accessible. This is the table of FIG. 10.

A tunneling session initiator 456 is coupled to the destination network table entry
searcher 452 and establishes a tunneling session between the gateway and the matching
router network address. A packet forwarder 458 is coupled to the tunneling session
initiator 456 and forwards the packet to the router network address through the tunneling
session established by the tunneling session initiator 456.

The gateway of FIG. 11 and the gateway of FIG. 7 may also be combined in a
single gateway which performs both functions.

While embodiments and applications of this invention have been shown and
described, it would be apparent to those skilled in the art that many more modifications
than mentioned above are possible without departing from the inventive concepts herein.
The invention, therefore, is not to be restricted except in the spirit of the appended claims.